Elevating Trust: Securing AWS Infrastructure for a Leading Financial Trading Platform
A leading stock exchange in India has undergone a transformative journey, evolving into a cornerstone of India’s financial landscape. The financial trading platform acts as a key facilitator for companies seeking capital and investors looking for opportunities. Having introduced electronic trading and expanded its product offerings to include diverse financial instruments such as derivatives and mutual funds, the regulated entity ensures adherence to strict listing requirements and corporate governance standards to maintain investor confidence. Its global collaborations and recognition showcase its commitment to aligning with international best practices and attracting foreign investments.
Financial Services
Published Date : 11-January-2024
Building a Secure Market-Responsive Infrastructure
As reliance on technology grows in the securities market, there is a surge in incidents involving glitches in the systems of investors. Some of these glitches disrupt trading services, triggering complaints from investors. In such scenarios, investors with open positions may have no available option to close them, especially during periods of market volatility.
The prominent financial services customer has its own trading platform running on-premise, backed up by a primary DR. However, the systems of investors who access the platform do not always have DR in place. When the platform, or an investor’s system, faced downtime, there was no option for the investors to close out their trading positions. The primary DR was also prone to failure when invoked. Our customer wanted to create a highly secure Disaster Recovery (DR) option as a common backup that would enable multiple investors to close out positions in the event of downtime.
The customer also felt that in some cases an investor might not be able to move to the DR site within a short span of time and the site might be open to cyber-attacks. As a result, they decided to create access to a common platform that would enable investors to close out their positions and pending requests. While the investors would not be able to take fresh positions, the failover solution would allow them to manage risk until the original platform recovered.
This infrastructure needed to facilitate on-demand private connections with multiple stock exchanges while ensuring robust security measures, including access restrictions, secure communication channels, and protection against cyber threats such as malware and Distributed Denial of Service (DDoS) attacks.
Noventiq has wide experience working with Enterprise customers in the Finance sector, and the prominent financial services leader entrusted the security requirement to our team of cloud experts.
Noventiq’s 360º Security Solution on AWS
Centralizing Identity Access with PAM
Noventiq devised a comprehensive solution leveraging Amazon Web Services (AWS) to address the customer’s requirements. The architecture employed AWS Landing Zone with Control Tower and Service Control Policies (SCPs) for strict access controls and best practices. A centralized and robust authentication mechanism was implemented using a third-party Privileged Access Management (PAM) solution and AWS Directory services for identity centralization.
Access management and security measures
Access to AWS infrastructure was restricted through role-based policies on the PAM solution, authenticated via secure VPN connections with multi-factor authentication. AWS Landing Zone SCPs were used to enforce restrictions, including encrypted disks and disabling unnecessary logs. Perimeter traffic inspection and a SaaS-based Web Application Firewall (WAF) were implemented to safeguard against DDoS attacks and web traffic threats, using behaviour-based inspection and machine learning.
Secure Platform Acts as a Reliable Backup During Downtime
The implemented solution provided the large and prominent financial services platform with several advantages.
The platform serves as a protective mechanism for investors in the event of technical glitches experienced by the investor or a registered stockbroker. It offers investors the ability to swiftly close open positions and cancel pending orders should there be any disruptions at the stockbroker’s end. This acts as a safety net, ensuring investors have a backup option in times of operational challenges.
Comprehensive benefits include:
- Drastically reduces investor closing time during downtime
- Significant increase in operational efficiency when platform is down
- Vast improvement in data protection with encryption & restricted access
- Enhanced infrastructure efficiency by minimizing potential attack surfaces
- Centralized access control: Efficient governance with centralized AWS Console access, optimizing resource management.
- Better security measures: Two-layer authentication and privileged access management for heightened security.
- Compliance and Governance: Adherence to AWS best practices, Amazon Guardrails, and strict organization-wide controls.
- Continuous monitoring and response: 24/7 SOC monitoring for swift threat detection and centralized incident response.
- Data protection: Enforced encryption, restricted internet access, and automatic malware protection for data security.